Deepthi ratnayake

451 views

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
451
On SlideShare
0
From Embeds
0
Number of Embeds
11
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Deepthi ratnayake

  1. 1. An improved authentication model for IEEE 802.11 to prevent Probe Request DoS Attacks. Deepthi Ratnayake (gdd0014@londonmet.ac.uk) LMU PG Student Conference 12th Nov 2010
  2. 2. Topics  Introduction  Aim  Design Flaws  Experiment  Test Bed  Results  Existing Countermeasures  Future Research
  3. 3. Introduction  What is IEEE 802.11?  What is Probe Request & Response ? Security Policy Agreement Supplicant (STA) Unauthenticated, Unassociated, 8021.1X Blocked Authenticator (AP) Unauthenticated, Unassociated, 8021.1X Blocked 1 - Beacon 1 - Probe Request 2 - Probe Response 3 - Authentication Request 4 - Authentication Response 6 - Association Response 5 - Association Request Authenticated, Associated, 8021.1X Blocked, Security Parameters Authenticated, Associated, 8021.1X Blocked, Security Parameters Authentication Phase of IEEE 802.11
  4. 4. Introduction  What is a PRF Attack ?  designed to manipulate 802.11 design flaws  Sends a flood of PR frames using MAC spoofing to represent a large number of nodes scanning the wireless network  So what happens?  Serious performance degradation or prevent legitimate users from accessing network resources (DoS). DoS attacks are the most common
  5. 5. Aim To find an effective method to:  recognise rogue Probe Request frames,  and prevent an AP from triggering a Probe Response. Length - Bytes 2 2 6 6 6 2 6 Variable Variable 4 Field Frame Control Duration ID DA SA BSSID Sequence Control SSID Supported Rates Estended Supported Rates FCS MAC HEADER FRAME BODY CRC Length - Bits 2 2 4 1 1 1 1 1 1 1 1 Field Protocol Version Type Sub Type To DS From DS More Frag Retry Power Management More Data WEP Reserved FRAME CONTROL
  6. 6. Design Flaws  each request message sent by a STA must be responded with a response message sent by the AP.  Probe Request/Response frames are unprotected.
  7. 7. Test Bed BSS Test1-PC (User) Windows XP Intel(R) PRO/Wireless LAN 2100 3B Mini PCI Adapter MAC: Intel_5b:dd:b3 Test3-PC (Attacker) BackTrack4 (Linux) MAC: Intel_a5:23:37 Test-AP (Access Point) MAC: Netgrar_42:cf:c0 Test2-PC (User) Windows Vista Intel® PRO/Wireless 2200BG Wireless Connection MAC: Intel_39:c9:33
  8. 8. Sniffing & Injecting work !
  9. 9. Existing Countermeasures  Cryptography  Encryption  long-term secret key  Client Puzzle  MAC Frame Fields  Analysis of Sequence Number field.  Change Re-try limit  Response Delay  NIC Profiling & Signal Finger Printing  AI Models
  10. 10. The future research  Keep a “Safe List” of known attributes and give priority to “Safe List”.  Pattern Recognition of “Transactions” and filter peculiar Probe Requests.
  11. 11. Summary  What is IEEE 802.11?  What is Probe Request & Response ?  What is a Probe Request Flooding Attack ?  So what happens?  Aim  Design Flaws  Experiment  Existing Countermeasures  Future Research
  12. 12. References  Bicakci, K. and Tavli, B. (2009) Denial-of-Service attacks and countermeasures in IEEE 802.11 wireless networks, Computer Standards and Interfaces 31(5), pp931-941, [Online] Available at http://www.sciencedirect.com [Accessed: 3rd October 2009].  Faria, D.B. and Cheriton, D.R. (2006) Detecting identity-based attacks in wireless networks using signal prints, Proceedings of the 5th ACM workshop on Wireless security, Los Angeles, California [Online] Available at http://0-delivery.acm.org [Accessed: 30 November 2009].  Liu, C. and Yu, J. (2008) Rogue access point based DoS attacks against 802.11 WLANs, Fourth Advanced International Conference on Telecommunications, AICT '08., 8(13), pp271-276, [Online] Available at: http://0-ieeexplore.ieee.org [Accessed: 10 October 2008].  Malekzadeh, M. et al. (2007) Security improvement for management frames in IEEE 802.11 wireless networks, International Journal of Computer Science and Network Security, IJCSNS 7(6) [Online] Available at: http://citeseerx.ist.psu.edu [Accessed: 2 February 2010].  Martinovic, I. et al. (2008) Wireless client puzzles in IEEE 802.11 networks: security by wireless. In Proceedings of the First ACM Conference on Wireless Network Security, WiSec '08, New York [Online] Available at: http://0-doi.acm.org [Accessed: 31 March 2010].
  13. 13. Thank You Deepthi Ratnayake (gdd0014@londonmet.ac.uk) LMU PG Student Conference 12th Nov 2010

×